What is the best IIS auth type for my webpage? I need the following running
on Windows 2000 / IIS 5 with an 2003 AD Domain.
I need .Asps that will do the following administration tasks :
Access to the LDAP Directory from an .ASP (To query the ServerVariable /
Logon_User) and get their group memberships for access..
Access to other servers file shares (Directly from ASP) (For logon script
reporting on the \netlogon share for example)
An ASP that must be able to reset users Domain passwords (Used only by the
helpdesk with limited other access)
If I choose Anonymous (With the IUSR_MACHINE Account) I can't get the
LOGON_USER Variable... Nor can I query the LDAP Directory.
If I choose Anonymous (Using a restricted Domain User ID) I still can't get
the Logon_User Variable...but I can query LDAP
If I choose Windows Auth : I can't pass credentials to the DC for LDAP
queries.. (See my post on 8/17 subject :Double Hop Issue?) problem with
Kerberos through VPN etc...
If I choose Basic Auth users need to logon each time ...
Should I try to learn about session cookies and use that to store
credentials?
I am so stuck here.. what's best practice? I know I can run a few pages
(I.E. the password Reset Page) as a Domain Admin account (Under anonymous
access)...
but still am stuck as to how to pass the userId's all around the webpage to
check for 'access' to other sections..
How do people do this?
Thank you in advance...
I have all of the .asps writtin already and have access to a sql database if
needed.. just need some general good advise on this..
on Windows 2000 / IIS 5 with an 2003 AD Domain.
I need .Asps that will do the following administration tasks :
Access to the LDAP Directory from an .ASP (To query the ServerVariable /
Logon_User) and get their group memberships for access..
Access to other servers file shares (Directly from ASP) (For logon script
reporting on the \netlogon share for example)
An ASP that must be able to reset users Domain passwords (Used only by the
helpdesk with limited other access)
If I choose Anonymous (With the IUSR_MACHINE Account) I can't get the
LOGON_USER Variable... Nor can I query the LDAP Directory.
If I choose Anonymous (Using a restricted Domain User ID) I still can't get
the Logon_User Variable...but I can query LDAP
If I choose Windows Auth : I can't pass credentials to the DC for LDAP
queries.. (See my post on 8/17 subject :Double Hop Issue?) problem with
Kerberos through VPN etc...
If I choose Basic Auth users need to logon each time ...
Should I try to learn about session cookies and use that to store
credentials?
I am so stuck here.. what's best practice? I know I can run a few pages
(I.E. the password Reset Page) as a Domain Admin account (Under anonymous
access)...
but still am stuck as to how to pass the userId's all around the webpage to
check for 'access' to other sections..
How do people do this?
Thank you in advance...
I have all of the .asps writtin already and have access to a sql database if
needed.. just need some general good advise on this..
Comment